<?php
/*******************************************************************
 * WebORBAuthorizationHandler.php
 * Copyright (C) 2006-2007 Midnight Coders, LLC
 *
 * The contents of this file are subject to the Mozilla Public License
 * Version 1.1 (the "License"); you may not use this file except in
 * compliance with the License. You may obtain a copy of the License at
 * http://www.mozilla.org/MPL/
 *
 * Software distributed under the License is distributed on an "AS IS"
 * basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See the
 * License for the specific language governing rights and limitations
 * under the License.
 *
 * The Original Code is WebORB Presentation Server (R) for PHP.
 * 
 * The Initial Developer of the Original Code is Midnight Coders, LLC.
 * All Rights Reserved.
 ********************************************************************/

require_once(WebOrb . "Security/IAuthorizationHandler.php");
 
class WebORBAuthorizationHandler
    implements IAuthorizationHandler
{
  
    public /*bool*/ function authorizeAccess(/*string*/ $resource, ORBSecurity $security)
    {
      echo($resource);
      
      $resource = ServiceRegistry::getMapping($resource);
 
      $accessConstraintsNames = $security->getConstraints($resource);
          
      if($accessConstraintsNames == null && strpos($resource,"#") !== false)
        $accessConstraintsNames = $security->getConstraints(substr($resource,strpos($resource,"#")));
    
      if($accessConstraintsNames == null)
      {     
        
        if($security->getDeploymentMode() != ORBSecurity::OPENSYSTEM_MODE)
        {
            Log::log(LoggingConstants::SECURITY,"access to resource " . $resource . "has been denied. WebORB Closed-System Mode requires explicit access declaration for all resources");
            
            return false;
        }
            
         return true;
      }
      
      foreach($accessConstraintsNames as $constraintName)
      {
          $constraint = $security->getAccessConstraint($constraintName);
          
          if(!$constraint->validate())
          {
              echo(get_class($constraint));
              Log::log(LoggingConstants::DEBUG,"access denied. resource name - '" . $resource . "'. reason - " . $constraint->getReason());
              
              return false;
          }
      }
      
      return true;
    }

}

?>